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WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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Status 

1 )KI Responsive to communication(s) filed on 10 April 2008 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Claim(s) 1-36 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 
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8) D Claim(s) are subject to restriction and/or election requirement. 
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Detailed Action 
Response to Arguments 

Applicant's arguments filed 4/10/08 have been fully considered but they are not persuasive. 
Applicant argues the following: 

a) "Access by the user are not signed by specifying token 90 and business rules. To the contrary, 
the system of the '527 publication tracks user access by maintaining records of each 
authentication. The authentication refers to the user's credentials, which include, for example, 
biometric information submitted by the user. The user's credentials are not the token 90 or the 
business rules. 

Examiner respectfully disagrees. Examiner relies on the token to represent the claimed 
"user signature" and "role signature". The token the user's login name and the user's role which 
is equated to user and role signature respectively (paragraph 34). As can be seen in paragraphs 
34 and 35 of the reference, the token is stored by the secure server so that the user can eliminate 
the need to authenticate with the server each time he wishes to access information on the server. 
Therefore, it is clear that a record of at least the first time the token is submitted is stored. The 
storing of this access transaction is interpreted as being analogous to the signing of an access 
operation. The cited passage wherein applicant cites that the reference teaches tracking user 
access by maintaining user records of each authentication is an optional embodiment of the 
invention and further is not relied upon in examiner's rejection. This argument is considered to be 
moot. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-36 are rejected under 35 U.S.C. 102(b) as being anticipated by 

Khidekel (US PGP No. 20010027527). 

As per claims 1,9, 16, and 29, Khidekel teaches: 

A method for signing access operations to electronic data, comprising: 

performing a security check in order to ascertain the identity of a user; 

[see paragraph 0029] "The user can be authenticated based on the user's credentials" 

assigning a user signature, identifying the user, on the basis of the performed security check 
without being viewable by the user; 

[see paragraph 0034] "Token" 

assigning a role signature, assignable to a plurality of users, on the basis of the performed 
security check without being viewable by the user; and 

[see paragraph 0039] "... business rules that indicate which users are authorized to take 
various types of actions. . . " 

signing an access operation to electronic data by specifying the user signature and the role 
signature. 

[see paragraph 0034-0035] see explanation above in Response to Arguments. 
As per claims 2, 10, and 30, Khidekel teaches: 

The method as claimed in claim 1 , wherein the security check involves biometric data from the 
user being ascertained. 

[see paragraph 0029] 

As per claims 3, 11, 17, 23, and 31, Khidekel teaches: 

The method as claimed in claim 1 , wherein the security check involves reading at least one of an 
electronic and mechanical key. 

[see paragraph 0029, "smartcard"] 

As per claims 4, 12, 18, 19, 24, 25, and 32, Khidekel teaches: 

The method as claimed in claim 1 , wherein the user signature to be assigned is ascertainable on 
the basis of the data ascertained in the security check, by checking a user signature memory. 

[see paragraph 0026, "database 24"] 
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As per claims 5, 13, 20, 21, 26, 27, and 33, Khidekel teaches: 

The method as claimed in claim 1 , wherein the role signature to be assigned is ascertainable on 
the basis of the data ascertained in the security check, by checking a role signature memory. 

[see paragraph 0026, "database 24" 

As per claims 6, 14, 22, 28, 34, and 35, Khidekel teaches: 

The method as claimed in claim 4, wherein the user signature memory is checked using a data 
telecommunication link. 

[see paragraph 0028, "communications can be sent over a secure socket layer"] 

As per claim 7, Khidekel teaches: 

The method as claimed in claim 1 , wherein one user is assignable a plurality of role signatures 
simultaneously. 

[see paragraph 0039, wherein specified physicians may be permitted to view patient 
records as well as modify them while administrative staff may only view patient records] 

As per claims 8, 15, and 36, Khidekel teaches: 

The method as claimed in claim 1 , wherein the data are medically relevant, wherein the users are 
medical specialist personnel, and wherein the roles are formed in line with the workgroups within 
the medical specialist personnel. 

[see paragraph 0025] 
CONCLUSION 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the 
mailing date of this final action and the advisory action is not mailed until after the end of the 
THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the 
date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
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calculated from the mailing date of the advisory action. In no event, however, will the statutory 
period for reply expire later than SIX MONTHS from the mailing date of this final action. 



POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571 ) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner 
can normally be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



/Daniel L. Hoang/ 
Examiner, Art Unit 2136 
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Supervisory Patent Examiner, Art Unit 2136 



